It called the vulnerability a “double kill” bug, said it exploits “the latest version of Internet Explorer and applications that use the IE kernel”, and added that it's being spread in Microsoft Office documents that include a malicious Web page.

If a victim opens the document, the post claims, the malicious code will run in the background to execute the unspecified attack program.

Its only illustration of the attack is in the Chinese-language-annotated image below.

Microsoft would far prefer that users stopped using Internet Explorer and adopted its Edge browser instead. Some users are proving stubborn, though: according to Net Market Share, IE still has a rusted-on 12 per cent of the browser market.